User behavioral risk assessment
First Claim
1. At least one non-transitory machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
- receive data from a computing device, wherein the data describes;
a plurality of activities detected at the computing device and performed by the particular user while using the computing device, anda potential violation of a particular one of a set of rules, wherein a particular one of the plurality of activities comprises the potential violation, and the potential violation is determined at the computing device;
determine that the potential violation qualifies as a particular use violation in a plurality of pre-defined use violations;
determine a behavioral risk score for the particular user based at least in part on the determination of the particular use violation and one or more other activities in the plurality of activities;
receive data from the computing device identifying a determination by the computing device of a potential violation of a different, second set of rules based on a second activity performed by a second user using the computing device, wherein application of the second set of rules is based at least in part on identification of the second user using the computing device; and
determine whether the potential violation of the second set of rules qualifies as at least one use violation in the plurality of pre-defined use violations.
13 Assignments
0 Petitions
Accused Products
Abstract
A particular activity performed by a particular user of a computing device is identified, for instance, by an agent installed on the computing device. It is determined that the particular activity qualifies as a particular use violation in a plurality of pre-defined use violations. A behavioral risk score for the particular score for the user is determined based at least in part on the determination that the particular activity of the particular user qualifies as a particular use violation. Determining that the particular activity qualifies as a particular use violation can include determining that the particular activity violates a particular rule or event trigger corresponding to a particular pre-defined use violation.
-
Citations
27 Claims
-
1. At least one non-transitory machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
-
receive data from a computing device, wherein the data describes; a plurality of activities detected at the computing device and performed by the particular user while using the computing device, and a potential violation of a particular one of a set of rules, wherein a particular one of the plurality of activities comprises the potential violation, and the potential violation is determined at the computing device; determine that the potential violation qualifies as a particular use violation in a plurality of pre-defined use violations; determine a behavioral risk score for the particular user based at least in part on the determination of the particular use violation and one or more other activities in the plurality of activities; receive data from the computing device identifying a determination by the computing device of a potential violation of a different, second set of rules based on a second activity performed by a second user using the computing device, wherein application of the second set of rules is based at least in part on identification of the second user using the computing device; and determine whether the potential violation of the second set of rules qualifies as at least one use violation in the plurality of pre-defined use violations. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 24, 25, 26, 27)
-
-
20. A method comprising:
-
receiving data from a computing device, wherein the data describes; a plurality of activities detected at the computing device and performed by the particular user while using the computing device, and a potential violation of a particular one of a set of rules, wherein a particular one of the plurality of activities comprises the potential violation, and the potential violation is determined at the computing device; determining that the potential violation qualifies as a particular use violation in a plurality of pre-defined use violations; determining a behavioral risk score for the particular user based at least in part on the determination of the particular use violation and one or more other activities in the plurality of activities; receiving data from the computing device identifying a determination by the computing device of a potential violation of a different, second set of rules based on a second activity performed by a second user using the computing device, wherein application of the second set of rules is based at least in part on identification of the second user using the computing device; and determining whether the potential violation of the second set of rules qualifies as at least one use violation in the plurality of pre-defined use violations.
-
-
21. A system comprising:
-
at least one processor device; at least one memory element; and a user behavioral risk analysis tool, adapted when executed by the at least one processor device to; receive first data from a computing device, wherein the first data describes; a plurality of activities detected at the computing device and performed by the particular user while using the computing device, and a potential violation of a particular one of a set of rules, wherein a particular one of the plurality of activities comprises the potential violation, and the potential violation is determined at the computing device; determine that the potential violation qualifies as a particular use violation in a plurality of pre-defined use violations; determine a behavioral risk score for the particular user based at least in part on the determination of the particular use violation and one or more other activities in the plurality of activities; receive second data from the computing device identifying a determination by the computing device of a potential violation of a different, second set of rules based on a second activity performed by a second user using the computing device, wherein application of the second set of rules is based at least in part on identification of the second user using the computing device; and determine whether the potential violation of the second set of rules qualifies as at least one use violation in the plurality of pre-defined use violations. - View Dependent Claims (22, 23)
-
Specification